BugTraq
[SECURITY] [DSA 2978-2] libxml2 security update 2015-02-06
Alessandro Ghedini (ghedo debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2978-2 security (at) debian (dot) org
http://www.debian.org/security/ Alessandro Ghedini
February 06, 2015

[oCERT-2015-002] e2fsprogs input sanitization errors 2015-02-05
Andrea Barisani (lcars ocert org)

#2015-002 e2fsprogs input sanitization errors

Description:

The e2fsprogs package is a set of open source utilities for ext2, ext3 and
ext4 filesystems.

The libext2fs library, part of e2fsprogs and utilized by its utilities, is
affected by a boundary check error on block group descriptor informati

RE: [FD] Major Internet Explorer Vulnerability - NOT Patched 2015-02-05
Dimitris Strevinas (d strevinas obrela com)
Ben, we have reproduced the vulnerability on many occasions.
First of all, at least to steal the session, it does not matter if
X-Frame-Option is set to deny/same-origin.
Secondly, we were able to easily bypass the alert popup. It is not needed if
you implement the "waiting" logic with a synchronous AJAX

Very Important Info About "Major Internet Explorer Vulnerability - NOT Patched" 2015-02-05
David Leo (david leo deusen co uk)
1.
"Spartan - vulnerable (Windows 10)"
http://www.deusen.co.uk/items/insider3show.3362009741042107/SpartanWin10_screenshot.png
Thanks to Zaakiy Siddiqui!

2.
<?php
sleep(2);
header("Location: http://www.dailymail.co.uk/robots.txt");
?>
Many asked for it.

3.
It's Universal XSS, as we tested:
Not onl

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched 2015-02-05
David Leo (david leo deusen co uk)
"is this entirely an IE flaw"
Yes.

"is it tied to the use of Cloudflare"
No.

"I tried to reproduce... was unsuccessful"
Likely, this detail is missing:
<?php
sleep(2);
header("Location: http://www.dailymail.co.uk/robots.txt");
?>
Please tell us whether you reproduce (with the PHP code).

"am I corr

Re: Re: CVE-2015-1437 XSS In ASUS Router. 2015-02-04
kingkaustubh me com
Here is the exact conversation

ASUS CASEID=RTM20150115204498-295 Please click here if you wish to reply this mail!

Dear Kaustubh,

Thank you for the information, we really appreciate your feedback.

To improve our customers experience we have forwarded your information to related dept., the conc

Cisco Security Advisory: Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability 2015-02-04
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory Cisco WebEx Meetings Server Command Injection Vulnerability

Advisory ID: cisco-sa-20150204-wbx

Revision 1.0
For Public Release 2015 February 4 16:00 UTC (GMT)

- ----------------------------------------------------------------

Bitdefender Internet Security - 2015-02-04
jerold v00d00sec com
There seem to be some security issues with the way Bitdefender Internet Security 2015 software (Build 18.20.0.1429) interacts with its myBitdefender online portal.

Issues:

1) Possible partial information disclosure privacy issue of users' myBitdefender account credentials when using the SAFEGO fu

ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities 2015-02-04
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2015-010: EMC Documentum D2 Multiple Vulnerabilities

EMC Identifier: ESA-2015-010

CVE Identifier: CVE-2015-0517, CVE-2015-0518

Affected products:

• EMC Documentum D2 3.1 and all patch versions

• EMC Documentum D2 3.1 SP1 and all patch

ESA-2014-158: RSA BSAFE® Micro Edition Suite, SSL-J and SSL-C Triple Handshake Vulnerability 2015-02-04
Security Alert (Security_Alert emc com)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

ESA-2014-158: RSA BSAFE® Micro Edition Suite, SSL-J and SSL-C Triple Handshake Vulnerability

EMC Identifier: ESA-2014-158

CVE Identifier: CVE-2014-4630

Severity Rating: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affect

Re: [FD] Major Internet Explorer Vulnerability - NOT Patched 2015-02-04
David Leo (david leo deusen co uk)
Microsoft was notified on Oct 13, 2014.

Joey thank you very much for your words.

Kind Regards,

On 2015/2/3 4:53, Joey Fowler wrote:
> Hi David,
>
> "nice" is an understatement here.
>
> I've done some testing with this one and, while there /are/ quirks, it most definitely works. It even bypasses

[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5 2015-02-04
sven bsddaemon org
[CVE-2015-1467] Fork CMS - SQL Injection in Version 3.8.5

----------------------------------------------------------------

Product Information:

Software: Fork CMS

Tested Version: 3.8.5, released on Wednesday 14 January 2015

Vulnerability Type: SQL Injection (CWE-89)

Download link to tested ver

[SECURITY] [DSA 3153-1] krb5 security update 2015-02-03
Moritz Muehlenhoff (jmm debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3153-1 security (at) debian (dot) org
http://www.debian.org/security/ Moritz Muehlenhoff
February 03, 2015

MITKRB5-SA-2015-001 Vulnerabilities in kadmind, libgssrpc, gss_process_context_token 2015-02-03
Greg Hudson (ghudson mit edu)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MITKRB5-SA-2015-001

MIT krb5 Security Advisory 2015-001
Original release: 2015-02-03
Last update: 2015-02-03

Topic: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
VU#540092

CVE-2014-5352: gss_process_context_token() incorrectly free

CVE-2015-1437 XSS In ASUS Router. 2015-02-03
kingkaustubh me com (2 replies)
#####################################
Title:- Reflected XSS vulnerability in Asus RT-N10 Plus router
Author: Kaustubh G. Padwad
Product: ASUS Router RT-N10 Plus
Firmware: 2.1.1.1.70
Severity: HIGH
Auth: Not required
CVE ID: CVE-2015-1437
# Description:
Vulnerable Parameter: flag=
# Vulne

Re: CVE-2015-1437 XSS In ASUS Router. 2015-02-04
Michael Meyer (micha komma-nix de) (1 replies)
Re: CVE-2015-1437 XSS In ASUS Router. 2015-02-04
Darko Vršič (darko varnost si)
Re: CVE-2015-1437 XSS In ASUS Router. 2015-02-04
Henri Salo (henri nerv fi)
[SECURITY] [DSA 3152-1] unzip security update 2015-02-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3152-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
February 03, 2015

CVE-2014-5360 Landesk Management Suite XSS (Cross-Site Scripting) Security Vulnerability 2015-02-03
alex_haynes outlook com
Exploit Title: Landesk Management Suite Cross-Site scripting vulnerability
Product: Landesk Management Suite

Vulnerable Versions: 9.5 (possible previous versions), 9.6
Tested Version: 9.5
Advisory Publication: Feb 02, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-536

[SECURITY] [DSA 3151-1] python-django security update 2015-02-03
Salvatore Bonaccorso (carnil debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3151-1 security (at) debian (dot) org
http://www.debian.org/security/ Salvatore Bonaccorso
February 03, 2015

articleFR CMS 3.0.5 - Arbitrary File Upload 2015-02-03
Tien Tran Dinh (tien d tran itas vn)
#Vulnerability title: articleFR CMS 3.0.5 - Arbitrary File Upload
#Product: articleFR CMS
#Vendor: http://freereprintables.com
#Affected version: version 3.0.5
#Fixed version: N/A
#Author: Tran Dinh Tien (tien.d.tran (at) itas (dot) vn) & ITAS Team (w

articleFR CMS 3.0.5 - SQL injection vulnerability 2015-02-03
Tien Tran Dinh (tien d tran itas vn)
#Vulnerability title: articleFR CMS 3.0.5 - SQL injection vulnerability
#Product: articleFR
#Vendor: http://freereprintables.com
#Affected version: version 3.0.5
#Download link: https://github.com/articlefr/articleFR
#Fixed version: N/A
#CVE ID: CVE-2015-1364
#Author: Tran Dinh Tien (tien.d.tran@ita

articleFR CMS 3.0.5 - XSS vulnerability 2015-02-03
Tien Tran Dinh (tien d tran itas vn)
#Vulnerability title: articleFR CMS 3.0.5 - XSS vulnerability
#Product: articleFR
#Vendor: http://freereprintables.com
#Affected version: version 3.0.5
#Download link: https://github.com/articlefr/articleFR
#Fixed version: N/A
#CVE ID: CVE-2015-1363
#Author: Tran Dinh Tien (tien.d.tran (at) itas (dot) vn) & IT

[CVE-2014-9331] ManageEngine Desktop Central CSRF vulnerability to add an Admin user advisory 2015-02-02
mohamed idris helpag com
#####################################
Title:- Cross-Site Request Forgery (CSRF) Vulnerability in ManageEngine Desktop Central 9 Allows adding an Admin User
Author: Mohamed Idris - Help AG Middle East
Vendor: ZOHO Corp
Advisory ID: hag20141205
Product: ManageEngine Desktop Central 9
Version: All vers

[security bulletin] HPSBMU03232 rev.3 - HP SiteScope, Remote Elevation of Privilege 2015-02-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04539443

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04539443
Version: 3

HPSBMU03232 re

[security bulletin] HPSBGN03237 rev.1 - HP Insight Remote Support v7 Clients running SSLv3, Remote Disclosure of Information 2015-02-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04553458

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04553458
Version: 1

HPSBGN03237 r

[security bulletin] HPSBGN03247 rev.1 - HP IceWall SSO Dfw using glibc, Remote Execution of Arbitrary Code 2015-02-02
security-alert hp com
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04560440

SUPPORT COMMUNICATION - SECURITY BULLETIN

Document ID: c04560440
Version: 1

HPSBGN03247 re

[SECURITY] [DSA 3149-1] condor security update 2015-02-02
Sebastien Delafond (seb debian org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3149-1 security (at) debian (dot) org
http://www.debian.org/security/ Sebastien Delafond
February 02, 2015

Copyright 2010, SecurityFocus